[Openswan Users] Tunnels come up, but not all traffic goes through

Herbert Xu herbert at gondor.apana.org.au
Sun Jun 13 19:11:59 CEST 2004


Jacco de Leeuw <jacco2 at dds.nl> wrote:
> 
> The idea is to bind the L2TP daemon to localhost or an internal interface.
> So when IPsec is down and there is no firewall, the daemon is not exposed
> on the external interface. I don't particularly care how this is achieved,
> as long as it's safe and it works. It worked with DNAT on ipsec0. If there
> is another way to do this, I'd be interested to know.

As I explained in the previous message, this is not 100% effective on
Linux as your nexthop will be able to get to that private address.

> Any idea if these patches will be in the mainstream soon?

Well, when it has been tested more thoroughly.  So if you want to help
please give it a try.  You'll find it on www.netfilter.org.

Cheers,
-- 
Visit Openswan at http://www.openswan.org/
Email:  Herbert Xu 许志壬 <herbert at gondor.apana.org.au>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt

